CVE Vulnerabilities

CVE-2016-1960

Published: Mar 13, 2016 | Modified: Dec 27, 2019
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
6.8 CRITICAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.

Affected Software

Name Vendor Start Version End Version
Linux Oracle 5.0 (including) 5.0 (including)
Linux Oracle 6 (including) 6 (including)
Linux Oracle 7 (including) 7 (including)
Red Hat Enterprise Linux 5 RedHat firefox-0:38.7.0-1.el5_11 *
Red Hat Enterprise Linux 5 RedHat thunderbird-0:38.7.0-1.el5_11 *
Red Hat Enterprise Linux 6 RedHat firefox-0:38.7.0-1.el6_7 *
Red Hat Enterprise Linux 6 RedHat thunderbird-0:38.7.0-1.el6_7 *
Red Hat Enterprise Linux 7 RedHat firefox-0:38.7.0-1.el7_2 *
Red Hat Enterprise Linux 7 RedHat thunderbird-0:38.7.0-1.el7_2 *
Firefox Ubuntu precise *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu wily *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu precise *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu upstream *
Thunderbird Ubuntu wily *
Thunderbird Ubuntu xenial *

References